Cisco Application Performance Assurance Network Module 2.0 Q&A

Q. What is Cisco® Application Performance Assurance (APA) Network Module?
A. Cisco APA Network Module provides a router-integrated form factor for identifying, analyzing,
and, in conjunction with the router, controlling application traffic on a per user basis. Cisco
APA Network Module is available in two separate SKUs, Cisco NME-APA-E2 for the 2800
Series Integrated Services Routers (ISRs) and Cisco NME-APA-E3 for the 3800 Series ISRs.
Q. With which routers does Cisco APA Network Module work?
A. Cisco APA Network Module is designed to work with Cisco 2800 and 3800 Series Integrated
Services Routers. The router models that support APA Network Module include Cisco 2811,
2821, 2851, 3825, and 3845 Integrated Services Routers.
Q. How many APA Network Modules can an ISR support?
A. Cisco 2800 or 3800 Series ISRs are capable of supporting only one APA Network Module.
Q. What levels of performance does Cisco APA Network Module deliver?
A. Cisco APA Network Module is designed to provide aggregated (from all ports) sustained
unidirectional throughput of 45 Mbps (T3 rate) for the view-only version of the solution. The
system is capable of supporting concurrently up to 500 users and 5000 flows (that is, 10 flows
per user). The control version of the module provides a performance level of approximately
half of the throughput available with the view-only solution.
Q. What kind of high availability/redundancy scheme does the module offer?
A. Cisco APA Network Module does not offer high availability and does not support a redundancy
scheme. In case of APA Network Module failure, the ISR stops traffic diversion to the module.
Defective modules can be removed and replaced with a functioning module by the network
operator. Since the module is not directly inline, it will not become a point of failure on the
network.
Management
Q. How is Cisco APA Network Module managed?
A. The Cisco APA Network Module is managed by a standalone application called APA Device
Console (APADC). It is a web-based application that performs various functions such as
device management of APA Network Modules or engines (individually or as a group), service
configuration, user management, and report generation.
Q. How does the management application interface with APA Network Module?
A. APADC supports a number of management protocols to interface with APA Network Module
such as Simple Network Management Protocol (SNMP), FTP, command-line interface (CLI),
and the Cisco proprietary Remote Procedure Call (PRPC). Using SNMP, the module is able to
integrate with third-party fault/device management solutions, such as HP OpenView and
others.
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Q. Can the management system manage/configure more than one APA Network Module?
A. APADC has multiunit management capabilities that can expand some (but not all) operations
to a group of APA modules. It supports multiunit management for a limited number of service
configuration operations such as:
● Applying the application configuration (PQB files)
● Installation/upgrade of the application software (PQI files)
Future releases aim at enhancing this capability by adding more supported operations and
including consolidated views over the information coming/retrieved from the group of devices.
Q. Can more than one user access the management system at the same time?
A. APADC currently does not support concurrent access by multiple users. Only one user can
log in to the application and connect to an APA Network Module.
Q. What types of security mechanisms are provided for the APADC user?
A. Secure access to APADC is supported by the process of authentication/authorization of the
user accessing APADC for administrative purposes. Authentication/authorization is local only,
based on validation of provided user credentials and requested access level against the local
database. Future releases of the solution will support authentication/authorization by
integrating with an external authentication, authorization, and accounting (AAA) entity.
Q. How many APA Network Modules can be managed at one time by the management
application?
A. One instance of the APADC management application supports the management and
configuration of up to ten APA Network Modules.
Q. Are there plans for more comprehensive central management?
A. Yes. Both central management (APACC) and central reporting (APARC) will be available in
the near future. Both products will initially support up to 100 devices, scaling to 1000 devices
with upcoming releases.
Product Roadmap
Q. Why are APA Network Modules only available for viewing and reporting? Will they be
available in control configurations as well?
A. The initial release of APA Network Module specified that the product provide only deep packet
inspection and reporting on application traffic. With this latest release of software, the module
is now able to facilitate application control, using the router as the policy enforcement point.
Solution Overview
Q. What is the Cisco Application Performance Assurance Solution?
A. The Cisco APA Solution is a traffic management solution available as either a network module
for Cisco Integrated Services Routers or as a standalone network appliance. The standalone
appliance, the Cisco Application Performance Assurance Engine, is designed for deployment
in large sites or small datacenters. The APA Solution is considered to be a part of a broader
Cisco WAN optimization solution that aims to increase efficiency of the WAN links between
enterprise sites.
The Cisco APA module solution facilitates the detection of virtually any network application,
including enterprise resource planning (ERP) applications, multimedia streams, broadband
voice, web browsing, instant messaging, and forms of unwanted and malicious traffic such as
peer to peer (P2P). Once this traffic has been identified, the network administrator is able to
appropriately configure quality of service (QoS) policies to control the traffic so that the
time-critical and high-priority portion of LAN-WAN traffic will not suffer from giving up the bandwidth
to the less critical applications. The result is overall reduction of network congestion, improved
application performance, and the ability to plan more effective network bandwidth upgrades.
Q. What product components make up the Cisco APA module solution?
A. The Cisco APA module solution consists of the following components:
● APA Network Module, which is responsible for traffic classification using deep packet
inspection of the traffic and providing application/protocol and user awareness as well
as collecting the reporting data (NME-APA-E2 or NME-APA-E3).
● The APA Device Console management application. APADC is responsible for
management of APA Network Modules individually or as a group.
● The operating system software resident on the module (APA-SW-1.0 or APA-SW-2.0).
Note that APA Device Console and the OS are included as one image.
● A view-only or control software license.
Q. What type of customers can benefit from deploying the Cisco APA module solution?
A. Cisco APA Network Module is targeted for distributed enterprise customers that have several
remote locations and branch offices and that are attempting to classify and prioritize
application traffic. Cisco APA Network Module controls the behavior of the network traffic over
the WAN links to make sure that the performance of each individual application reflects its
importance to business operations.
Managed service providers can also use the Cisco APA Network Module solution to their
advantage and further enhance their competitive differentiation. Service providers can offer
managed Cisco APA services alongside their existing managed router and managed security
business and take advantage of the existing infrastructure and processes. It strengthens
service providers' value proposition by allowing them to focus on application performance
instead of simply offering connections. The managed Cisco APA service provides all the
benefits of Cisco APA Solution without the initial costs of obtaining and installing the
equipment and the costs of ongoing management, allowing the organization to focus on its
core business.
Q. How is the Cisco APA Solution deployed?
A. Deployment scenarios are differentiated by the location of the traffic management solution.
Possible deployment scenarios include:
● The solution can be located in the branch offices, an arrangement that facilitates
efficient traffic prioritization and bandwidth management of the traffic triggered by the
branch office, such as most of the TCP-based applications and multimedia User
Datagram Protocol (UDP) traffic. In this deployment scenario, APA Network Module is
typically used.
● The solution can be located in the main (headend) site, for example, when there is a
significant amount of streaming traffic initiated from the main site and the customer is
interested in protecting the WAN links. In this deployment scenario, either the APA
Engine (larger head offices) or APA Network Module (smaller head office) can be used.
● The solution is located in both branch offices and the main site when there is a mix of
patterns addressed in the cases above. In this situation, a combination of engines and
modules is typically used.
Application Visibility
Q. How does the Cisco APA Network Module solution identify and detect network
applications?
A. By performing deep packet inspection on network traffic, the solution is able to quickly identify
protocols and applications. The APA Solution fully reconstructs individual traffic flows and the
Layer 7 state of each individual application flow. Using Layer 7 signatures and attributes in
addition to behavioral classification algorithms, the APA Solution readily identifies applications
that employ dynamically assigned port numbers and tracks applications that involve multiple
interrelated or spanned flows commonly found in voice over IP (VOIP) or multimedia
streaming protocols.
Q. What business applications and protocols does the Cisco APA Solution support?
A. The Cisco APA Solution supports about 1000 protocols, including:
● Business applications: Oracle, Citrix, SAP, Microsoft Exchange, Microsoft SQL
● P2P: KaZaA, Gnutella, Winny, Win/MX, eDonkey, BitTorrent, DirectConnect
● Multimedia applications: Real Time Streaming Protocol (RTSP), Session Initiation
Protocol (SIP), Skype, H323, and Media Gateway Control Protocol (MGCP)
● HTTP (HyperText Transfer Protocol), Network News Transfer Protocol (NNTP), Simple
Mail Transfer Protocol (SMTP), POP3, Internet Mail Access Protocol (IMAP), and so on
● HTTP classification based on URL or user-agent regular expression
● RTSP classification based on URL or user-agent regular expression
● SIP classification based on source or destination domain name
Q. What is the plan for adding new protocol support on APA Network Module?
A. Protocols will be updated every two or three months in the form of a protocol pack, which will
be downloaded from Cisco.com and distributed to operating modules and engines.
Reporting
Q. What types of reports are provided by the APA module solution?
A. The APADC management application is responsible for report generation and provides close
to 200 reports, using about 100 reporting templates. APADC includes report groups that are
used to generate report instances.
There are two main categories of reports:
● Monitoring reports: Show how network resources are used for selected services at
various granularities (global, user). Monitoring reports typically show a specific metric
for a set of services at a selected granularity, such as bandwidth for P2P and browsing
services at a link granularity, or volume for the streaming services for specific users.
● Traffic discovery reports: Provide statistical information about network activity and
help identify the characteristics of the traffic traversing the network, such as the top IP
or P2P protocols in the network.
Q. What is the reporting granularity provided by the Cisco APA module solution?
A. Cisco APA Network Module provides granular analysis and reporting of application traffic on a
per user basis. Data records generated over a 24-hour period are stored locally on the
resident hard drive and then offloaded to the APADC file system on the management station.
Although the nature of the records and frequency with which they are generated are largely
dependent on the type of information being collected, the device can store data records
collected at one-minute increments for the full 24-hour period. Archival of the reporting data
retrieved daily by the APADC file system is supported for a maximum of 30 days.
Q. Can the management system report on multiple modules concurrently?
A. APADC is able to report on traffic patterns from individual modules, without data
consolidation. In order to report on multiple modules, we recommend that customers utilize an
enterprise-class reporting solution, such as Proxy’s PTM solution, or a solution from NetQoS.
Q. Does the APA module solution provide mechanisms to transport the reports to any
external system?
A. The APADC application supports the export of reporting results as a JPEG image and CSV
file to an external workstation.
Ordering Information
Q. Is APA Network Module available to order?
A. The modules and associated software are currently on the global price list. There are two
forms currently available to order: NME-APA-E2 for the 2800 Series ISR or NME-APA-E3 for
the 3800 Series ISR. Customers that have purchased the NME-APA-E2 or NME-APA-E3 with
the original View Only software are entitled to a free upgrade to the Control software.
Q. What APA Software is included with the purchase of the network module?
A. There are two software components for the APA Solution, including the management software
(APA-R3-VO) and the software image (APA-SW-2.0). Both of these software components are
included with the purchase of the module and therefore, are at no cost on the price list.
However, if the customer requires that the module provide both visibility and control, one of
the following software licenses must also be purchased:
● APA-E2-CC: Control Software License - for 2800 Series
● APA-E3-CC: Control Software License - for 3800 Series
Q. How do I order an APA Network Module and associated software?
A. The modules can be ordered either as part of a configured router solution or as spares for
existing router deployments. Contact your local Cisco sales representative if you require
further assistance.
Service Control Engine Comparison
Q. How is the Cisco APA Solution different from the Cisco Service Control Engine (SCE)
Solution?
A. The two solutions share the same technology base but are targeted toward different markets.
The APA Solution is typically suitable for the needs of the distributed enterprise customers
whereas the Cisco SCE Solution is targeted for service providers requiring high-capacity
carrier-grade deployments. As a result, the two solutions differ significantly in terms of scale,
throughput, user/flow limits, reporting requirements, and management. Table 1 summarizes
the differences between the two solutions.
Table 1. Differences between the Cisco APA and SCE Solutions

| | Cisco APA Engine | Cisco APA Module | Cisco SCE Solution |
|---|---|---|---|
| Primary target market | Enterprise data center or higher education institution | Enterprise WAN edge | Service provider edge (MSO, Wireline, Mobile) |
| Hardware | Hardware appliance | Router integrated form factor | Hardware appliance |
| Solution components | APA Engine, APADC management system | APA Network Module, APADC management system | SCE hardware, Collection Manager, Subscriber Manager, SCA-BB management application |
| Solution management | Using the web-based APADC application; used for device management, service management, and reporting | Using the web-based APADC application; used for device management, service management, and reporting | Using SCA-BB application, GUI-based toolset, primarily used for service/policy management, reporting |
| User management | Through APADC | Through APADC | Using an external server, the Service Control Subscriber Manager |
| Reporting | Onboard storage and reporting using APADC | Onboard storage of reporting data, which is retrieved by APADC as required | Centralized and uses an external server, the Service Control Collection Manager |
| Throughput | 200 Mbps bidirectional | 90 Mbps bidirectional (maximum) | SCE1010: 2 Gbps; SCE2020: 4 Gbps |
| Concurrent users/subscribers | CAM-APA-100: 1000 | NME-APA-E2: 250; NME-APA-E3: 500 | SCE1010: 40,000; SCE2020: 80,000 |
| Maximum flows | 10,000 concurrent application flows | 5000 concurrent application flows | 1,000,000 concurrent application flows |
| Integration/APIs | Industry-standard APIs to facilitate easy integration with: ● Provisioning systems ● OSSs ● Management systems ● Billing systems | Industry-standard APIs to facilitate easy integration with: ● Provisioning systems ● OSSs ● Management systems ● Billing systems | Industry-standard APIs to facilitate easy integration with: ● Provisioning systems ● OSSs ● Management systems ● Billing systems |
| High availability | Not addressed by the solution | Not addressed by the solution | Dual-cascaded system design to provide redundancy and failover protection, or N:1 redundancy using SCE cluster scheme |

Printed in USA
C67-490068-00 09/08